Brute forcing URL shorteners

Here’s a
.tsv
of all the two-character bit.ly links and the URLs they forward to.

It works like this:

Generate the valid URLs

Send an HTTP request with the request library

There have been a decent number of
stories
lately about the security risks posed by URL shorteners because they can be trivially brute forced. A lot of shortened links are probably meant to be public, such as URLs shortened for sharing on social media, but I guess some services, like OneDrive, use short URLs for documents.

disabling rediects

Since I only wanted to find the full URLs that were being redirected to,
and not actually download their content, I set the requets allow_redirects
option to False.